
Security Easier way to whitelist IPs across all domains?

Discussion in 'System Administration' started by josh, Jan 27, 2018.

  1. josh

    josh New Member

    26
    2
    3
    May 27, 2014
    Ratings:
    +2
    Local Time:
    11:43 PM
    Following the recommendations of tutorials posted on this website, I have my admin control panels for my xenforo sites accessible only through a whitelist in the nginx conf files.
    Recently my access IPs changed and it's been a pain in the neck going through and changing each conf.d file to reflect the new IPs. Is there a way to have the conf files draw whitelisted IPs from a single source so I can add/change/remove in one place and have all domains and nginx in general use only those IPs?
    Thanks in advance!
     
  2. eva2000

    eva2000 Administrator Staff Member

    36,022
    7,901
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,183
    Local Time:
    4:43 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Just use native nginx include files, just like Centmin Mod does for some of the default nginx vhosts.

    Code (Text):
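    server {

        # ... other configs ...

        # restrict the admin area to the shared allowlist
        location /admin {
            include /usr/local/nginx/conf/allowedips.conf;
        }

        # same allowlist file reused for another protected path
        location /privatedirectory {
            include /usr/local/nginx/conf/allowedips.conf;
        }

    }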
    

    Then in the /usr/local/nginx/conf/allowedips.conf include file, add:
    Code (Text):
        allow 127.0.0.1;
        allow YOURIPADDRESS;
        deny all;
    
     
  3. josh

    josh New Member

    Hmmm. For some reason this is blocking all https access from everyone but whitelisted IPs
     
  4. josh

    josh New Member

    I must've been doing something wrong because it seems to be working properly now.
    Does nginx call "allowedips.conf" by default if it exists? I initially placed it in the /conf/conf.d/ dir and also called allowedips.conf for /library/ and /internal_data/
     
  5. eva2000

    eva2000 Administrator Staff Member

    Yes, it calls it if it exists in the correct path specified, so you would have had it in the incorrect path if placed in /conf.d/.
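
The single-source allowlist from this thread can also be regenerated by script when access IPs change. The following is an added example, not code from the thread or from Centmin Mod: the function names are hypothetical, the sample addresses are documentation ranges, and it assumes nginx.conf wildcard-includes conf.d/*.conf, which is why it refuses to write the allow/deny file there.

```sh
#!/bin/sh
# Added example (not from the thread): rebuild the shared allowlist include
# from one list of IPs. Function names are hypothetical.
ALLOWLIST=${ALLOWLIST:-/usr/local/nginx/conf/allowedips.conf}  # path from the thread

# Accept only IPv4 addresses with an optional /0-32 prefix, so nothing else
# (stray ';', extra directives) can be written into the nginx config.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in */*)
        prefix=${1#*/}
        case $prefix in ''|*[!0-9]*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the include file body: localhost, each validated entry, then deny all.
render_allowlist() {
    printf 'allow 127.0.0.1;\n'
    for entry in "$@"; do
        valid_ipv4 "$entry" || { echo "rejected entry: $entry" >&2; return 1; }
        printf 'allow %s;\n' "$entry"
    done
    printf 'deny all;\n'
}

# Write the file atomically, test the whole config, reload only if it passes.
install_allowlist() {
    # Assumption: nginx.conf wildcard-includes conf.d/*.conf, so allow/deny
    # rules stored there would apply outside the intended location blocks.
    case $ALLOWLIST in */conf.d/*) echo "refusing path in conf.d" >&2; return 1 ;; esac
    tmp=$(mktemp "$ALLOWLIST.XXXXXX") || return 1
    render_allowlist "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp"
    if [ -f "$ALLOWLIST" ]; then cp -p "$ALLOWLIST" "$ALLOWLIST.bak"; fi
    mv "$tmp" "$ALLOWLIST"
    if ! nginx -t; then
        # Roll back so a later reload does not pick up a broken config
        if [ -f "$ALLOWLIST.bak" ]; then mv "$ALLOWLIST.bak" "$ALLOWLIST"; fi
        return 1
    fi
    nginx -s reload
}
# Usage (as root): install_allowlist 203.0.113.7 198.51.100.0/24
```

Every location that includes the file picks up the new list after the reload; a failed `nginx -t` restores the previous file and leaves the running configuration untouched.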
     